Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Is your wireless a hackers’ playground?

I have found in life that many things we deal with are…mixed blessings. Such is the case with wireless technology. The very factors which make it so convenient (and thus popular) also make it less secure. A WAP is a radio station. It broadcasts its signal in all directions, for a limited distance; and it “listens” for signals as well. It (by default) sends out a constant “I’m here. I’m ready. I’m here. I’m ready…” When a passing device, a laptop or PDA say, gets within range it hears the WAP (Wireless Access Point) and can connect with it by sending a “I’m ready too. Let’s begin.” message.
So convenient. So easy. And no wires holding you to one spot. It’s a modern miracle!
It’s little wonder that nine out of ten networking devices sold in the US are “wireless”. They cost basically the same as wired, so why not get wireless too? My router is wireless (a WAP). Isn’t yours?
But I know about wardriving. Yes–”war+driving”. What’s that? It’s driving around with a laptop and a sensitive antenna (or a piece of coaxial cable stuck into the bottom of a Pringle’s can) and trying to “sniff” (detect) unprotected WAPs. It’s a game hackers play: who can detect the most unsecured WAPs in an hour? When they’re not doing it for kicks, they’re accessing a wardriven WAP and ‘creeping’. What’s that, you ask? “Creeping” is browsing around the data on the computers connected to the WAP. Most of the time they’re not interested in stealing your data (there’s no challenge there), they’re just snooping. They get some kind of kick out of it. (Sometimes they’ll leave behind a ‘calling card’ to let you know you’ve been ‘creeped’.) Most of the time these guys cause no harm…unless they see that you’re a total non-geek novice (no anti-virus, all your .docs are in one folder, you’ve never ‘defragged’, etc.) and they decide you’re “too stupid to own a computer” and they take it upon themselves to “punish” you by erasing your config.sys file (which will cause Windows to fail to load).
Sometimes they will simply “pile on” or “coast” a WAP and use it to surf the web for free–the main downside to the owner is reduced bandwidth (speed).
When a hacker runs across a WAP in his wardriving games that the owner has taken the precaution of encrypting, he usually passes on by, but sometimes they get bored with the super-easy creeping, and feel the need for a challenge (I’m sure, thinking, “what’s this guy hiding behind that encryption?”). This is when hackers become crackers. See, it’s terribly easy to turn on encryption–every WAP manufacturer builds it into the product–and use it. The trouble is most folks don’t know about it, much less use it…But for those who do, manufacturers included the ability to use WEP encryption (Wired Equivalent Privacy): a 128bit stream cipher key. So now the hacker is looking at gibberish and needs to find a way to “crack” the code to see the data being transmitted, and to talk/co-operate with the WAP–thus the ‘challenge’. Sadly, with the computing power of today’s personal computers and freely available tools a hacker can break into WEP protection in less than two minutes (much less).
Eventually, the hacker’s methods were discovered and WEP was quickly declared to be next-to-useless, and manufacturers switched to a new (2003) and improved methodology called WPA–Wi-Fi Protected Access. Now there’s WPA2. Have the hacker/crackers been thwarted? Well…um…no. However, WPA and the newer WPA2 are so time consuming to crack, the average hacker won’t bother. Why should he? There’s still plenty of folks broadcasting “Here I am. I’m free and easy. Here I am…” Seeemingly every house on the block an unwitting Internet café.
WPA2 is pretty good, and keeps out all but the determined (and sometimes even them).
The main points I want to make here are:
* You really do want to turn on the feature that scrambles your wireless transmissions. (To read my How-To article, How-to-secure-your-wireless-network, click here.)
* Securing your wireless by encrypting with WEP is next to useless; with WPA is so-so; and, WPA2 is the way to go at this time.
* Your network is only as capable as its weakest link, so if you have older devices that aren’t WPA-capable, your newer devices will default down to WEP (or no encryption) level to accomodate your old. I recommend replacing your older gear with newer, WPA2-capable devices.

Copyright 2007-8 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

June 17, 2008 - Posted by | advice, computers, encrypting files, hardware, how to, networking, PC, Portable Computing, routers and WAPs, security, tech | , , , , , , , , , , , ,

1 Comment »

  1. Hey Paul,

    What a great article – a definite keeper – gonna print this one! The amazing thing is I can remember, oh maybe 10 years ago, when war-driving was first being reported on. It seems many people have yet to get the message.

    No surprise there though. Security seems to be the last thing on most peoples’ minds. If they only knew!

    BM

    Like

    Comment by Bill Mullins | June 17, 2008 | Reply


Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: